james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Javier Storni" <jav...@512konline.com.ar>
Subject Re: Password encryption algorithm.
Date Tue, 04 Mar 2003 20:32:57 GMT
I agree. A linux expert in the list ? Please.

Thanks

Javier Storni


----- Original Message -----
From: <vincenzo.gianferraripini@praxis.it>
To: "James Users List" <james-user@jakarta.apache.org>
Sent: Tuesday, March 04, 2003 5:30 PM
Subject: Re: Password encryption algorithm.


> >doesn't md5 use a salt?
> >
> >b
> >
>
> MD5 is just a strong *one way* hashing (digest) algorithm, as SHA1 and
others. The result of MD5 is an array of 16 bytes.
>
> If a salt is being used or not depends on the situation.
>
> James does not use a salt.
>
> Does Linux use a salt? I don't know. If the answer is yes, then there is
no solution to Javier's problem:
>
> Let's have MD5(pw+salt) -> hashLinux, and MD5(pw) -> hashJames.
> Even if I know the salt, as I don't know the password I can't compute
hashJames starting from hashLinux.
>
> Instead, if Linux does not use a salt, I have MD5(pw) -> hashLinux =
hashJames.
>
> The latter is my case (I have Tomcat sharing user passwords with James);
the only difference is the base representation. Both Tomcat and James can
use MD5 or SHA1, but Tomcat uses base-16 and James base-64. I just have to
take hashTomcat and convert it to base-64 (and truncate to 20 chars) to have
hashJames.
>
> Maybe some Linux expert in this list can clarify.
>
> Bye,
>
> Vincenzo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: james-user-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org


Mime
View raw message